Archive


Professional Professional(TS)
CONTENTS

Overview of Archive Timestamp

An archive timestamp is applied to a PDF after a signature or document timestamp has been applied, to prove that no tampering has occurred since then.

When a new archive timestamp is added to a PDF with a signature or document timestamp, it proves that there are no issues with the latest information confirmed online.

The reliability of the PDF, thus proven, is guaranteed for the validity period of the added archive timestamp.

By repeating this process regularly, the period during which the reliability of the PDF is guaranteed is effectively extended, making it possible to achieve long-term storage and long-term assurance of the PDF.

Signatures and Timestamps that Can Be Targeted

The following signatures and timestamps can have an archive timestamp added to them using this product.

However, all of them require that the signature or timestamp to be targeted is within its validity period.

TimeStamp
  • Document timestamp applied using “AMANO Time Stamp Service 3161”
  • Document timestamp applied using “SEIKO Time Stamp Service”
Signature
  • PKCS#7 profile signature (referred to as “Normal Signature” or “PAdES-Basic” in the old product SkyPDF 7 series)
  • CAdES profile signature (referred to as “PAdES-Enhanced” in the old product SkyPDF 7 series) 
  • Long-term signature applied with NEC plugin in our old product

Timing of Archive Timestamp

An archive timestamp needs to be applied within the validity period of the certificate used for the signature or timestamp. Ideally, it should be after the certificate revocation list (CRL: Certificate Revocation List) has been updated by the certificate authority after the signature or timestamp has been applied.

The optimal frequency for adding an archive timestamp needs to be determined by the user as appropriate.

If it is a very important document, you can continue to prove that there has been no tampering with the PDF for a long period of time by regularly applying an archive timestamp. On the other hand, for documents that are not so important or that finish their role in a short period of time, there is no need to update the archive timestamp frequently.

Please consider based on the importance of the document and how long its reliability needs to be maintained.

In the case of a signature, the next action and its deadline required for long-term assurance can be confirmed in the [Verification] > [Verify] > [Property of signature] > [PAdES] tab.

Applying an Archive Timestamp

If you have applied a signature or timestamp to a PDF for the purpose of long-term storage and long-term assurance, you need to add an archive timestamp.

  1. Ensure that the preparing for timestamp for Amano or SEIKO is ready.
  2. Open the PDF that could be the target of the archive timestamp with a signature or timestamp applied.
  3. Select [Archive] from the [Signature/Seal] menu.
  4. A Save As dialog box will appear.
    Specify the save location and file name for the PDF with the applied an archive timestamp and save it.
  5. Select [Verification] from the [Signature/Seal] menu.
    If the status of both the existing signature/timestamp and the added archive timestamp is valid, you’re done.
  • If you add an archive timestamp immediately after adding the previous signature or timestamp, there may be no change in the validity period due to reasons such as the certificate authority not updating the certificate revocation list.
  • You cannot add an archive timestamp after the validity period has expired.
    If you are aiming for long-term storage of the PDF, please add an archive timestamp before the validity period expires.

Extending NEC Plugin Long-Term Signature

CAdES signatures (hereafter, NEC long-term signatures) created using the “NEC Plugin Long-Term Signature Option” of our old products SkyPDF Professional 2012 / 2016, which are still verified as normal, can have an archive timestamp added with this product. However, it is not possible to newly apply this long-term signature.

Supported Formats

This product only supports the following formats of NEC long-term signatures.

CAdES-T This format includes a basic signature and a timestamp for that signature value.
It can be extended by adding CAdES-A.
CAdES-X Long This adds verification information and reference information to the existing CAdES-T.
Since it does not include an archive timestamp, the validity period is not extended.
It can be extended by adding CAdES-A.
CAdES-A For existing CAdES-T, it extends the validity period by adding reference information to the verification information, verification information, and an archive timestamp.
For existing CAdES-X Long and CAdES-A, it extends the validity period by adding an archive timestamp.
The validity period can be extended each time an archive timestamp is added.

Extending the Validity Period of NEC Long-Term Signature

  1. Ensure that the preparing for timestamp for Amano or SEIKO is ready.
  2. Open the PDF with the NEC long-term signature applied in this product.
    • This NEC long-term signature must have been created using the “NEC Plugin Long-Term Signature Option” of our old products SkyPDF Professional 2012 / 2016 and still be verified as normal.
  3. Select [Archive] from the [Signature/Seal] menu.
  4. Select [CAdES-A] as the signature method, check [Select Timestamp], and press [OK].
    • Only in PDFs with NEC long-term signatures applied, [CAdES-A] [CAdES-X Long] can be selected as the method.
      [CAdES-X Long] is used when you want to change the CAdES level from CAdES-T to CAdES-X Long. Therefore, if you select [CAdES-X Long], you cannot extend the validity period.
    • If you check [Add a verification information to signature], verification information will be added when generating the archive timestamp.
    • If the signature method selection dialog is not displayed and the message “ The file is digitally signed by CAdES, but due to lack of signature timestamo, the program failed to change CAdES level. Change to PAdES?” is displayed, it is a NEC long-term signature that cannot be extended.
  5. Select [Verification] from the [Signature/Seal] menu.
  6. Select the signature and press [Verify].
  7. Select [Property of signature].
  8. Open the [Archive Timestamp] tab, check that a new archive timestamp has been added and the status is valid, and you’re done.

The validity period of the NEC Long-Term Signature is extended each time CAdES-A (archive timestamp) is added.
It is not possible to extend it after the validity period of the timestamp has passed.
If you are aiming for long-term storage of PDFs, check the validity period of the TSA certificate from the [Timestamp Token Information] of the latest archive timestamp, and add CAdES-A regularly before the validity period expires.